Home / Advisories / KLCERT advisories / KLCERT-18-026: LibVNC Heap Use-After-Free

KLCERT-18-026: LibVNC Heap Use-After-Free

Kaspersky Lab publishes information on newly identified vulnerabilities in order to raise user awareness of the IT security threats detected. Kaspersky Lab does not make any guarantees in respect of information received from vendors of products in which vulnerabilities have been identified, which is included in the following sections of the advisory: Affected Products, Vendor Mitigation.

KL-IDS KLCERT-18-026
CVE-IDS CVE-2018-6307
Publication date 2018.12.19
Researcher Pavel Cheremushkin, Kaspersky Lab ICS CERT
Description LibVNC before commit ca2a5ac02fbbadd0a21fabba779c1ea69173d10b contains a heap use-after-free vulnerability in the server code of the file transfer extension, which can result in remote code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in ca2a5ac02fbbadd0a21fabba779c1ea69173d10b and later.
Impact Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code.
Severity
CVSS v3 Base Score: 10.0
Vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Exploitability Remotely
Difficulty Low
User interaction None
Existence of exploit Unknown
Affected products
Affected products LibVNC before commit ca2a5ac02fbbadd0a21fabba779c1ea69173d10b
Mitigation
Vendor mitigation Update LibVNC to 0.9.12
Timeline Aug 2018 – Vulnerability reported
Oct 2018 – Vendor releases patch
Dec 2018 – Advisory published